IT Security Newsletter

IT Security Newsletter - 03/08/2021

Written by Cadre | Mon, Mar 8, 2021

Flagstar Bank hit by data breach exposing customer, employee data

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. In December, threat actors affiliated with the Clop ransomware gang began exploiting vulnerabilities in Accellion FTA servers used by organizations to share sensitive files with people outside of their organization. On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server. READ MORE...

Disruptions at Pan-American Life Likely Caused by Ransomware Attack

Recent service disruptions at the Pan-American Life Insurance Group (PALIG) were likely caused by a cyberattack conducted by a threat actor known for using the REvil ransomware. New Orleans-based PALIG provides life, accident and health insurance services across the Americas. The group has more than 20 member companies and employs roughly 2,000 people worldwide. The official website of PALIG (palig.com) currently only displays some contact information and the following message. READ MORE...

Idaho Man Charged With Hacking Into Computers in Georgia

An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta area medical clinics. Robert Purbeck - who used online aliases Lifelock and Studmaster - was indicted Tuesday by a federal grand jury in Georgia, according to a news release from the U.S. attorney's office in Atlanta. He's charged with computer fraud and abuse, access device fraud and wire fraud. READ MORE...

EU Banking Regulator Hit by Microsoft Email Hack

The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far. READ MORE...

SolarWinds just keeps getting worse: New strain of malware found infecting victims

In brief Another form of malware installed in servers made vulnerable by flaws in SolarWinds' Orion management software has been spotted in the wild. The malware strain, identified as SUNSHUTTLE by boffins at security shop FireEye, is a backdoor attack written in Go which uses HTTPS to communicate with a command-and-control server for data exfiltration, adding new code as needed. Someone based in the US uploaded the malware to a public malware repository in August last year, well before the attack. READ MORE...

Unpatched QNAP devices are being hacked to mine cryptocurrency

Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched by QNAP in October 2020. Cryptomining malware discovered on NAS devices compromised during this campaign was named UnityMiner by researchers at Qihoo 360's Network Security Research Lab (360 Netlab). READ MORE...

Spanish cops arrest four in 'FluBot' text hacking scheme

Police in Barcelona have arrested four hackers suspected to be behind a massive criminal scheme which has targeted tens of thousands of victims with malicious links impersonating banks in order to steal victims' credentials and money. In the raid, which took place March 2, the police collected laptops, cash, documents, and other high-end mobile devices, the Criminal Investigation Division of the Barcelona Metropolitan Police Region said in an announcement. READ MORE...

US National Security Council urges review of Exchange Servers in wake of Hafnium attack

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China. Microsoft revealed the attack last week and released Exchange security updates. The Biden administration's Cybersecurity and Infrastructure Security Agency (CISA) followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments. READ MORE...

Ransomware gang plans to call victim's business partners about attacks

The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware. READ MORE...

University of the Highlands and Islands shuts down campuses as it deals with 'ongoing cyber incident'

The University of the Highlands and Islands (UHI) in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses. In a message to students and staff yesterday afternoon, the institution, which spans 13 locations across the northernmost part of the UK, warned that "most services" - including its Brightspace virtual learning environment - were affected. "We are currently working to isolate and minimise impact from this incident with assistance from external partners." READ MORE...

  • ...in 1817, the New York Stock Exchange is founded.
  • ...in 1971, Muhammad Ali and Joe Frazier meet in the "Fight of the Century," with Frazier winning in 15 rounds via unanimous decision.
  • ...in 1978, the debut radio episode of Douglas Adams's "The Hitchhiker's Guide to the Galaxy" is transmitted by BBC Radio 4.
  • ...in 1979, Philips gives the first public demonstration of audio compact disc technology.